View
4
Download
0
Category
Preview:
Citation preview
Chair for Network Architectures and Services – Prof. Carle
Department of Computer Science TU München
Master Course Computer Networks
IN2097
Prof. Dr.-Ing. Georg Carle Christian Grothoff, Ph.D.
Stephan Günther
Chair for Network Architectures and Services Department of Computer Science Technische Universität München
http://www.net.in.tum.de
Network Security, WS 2008/09, Chapter 9 2 IN2097 - Master Course Computer Networks, WS 2012/2013 2
Outline - Introductory Lession
q Knowing each other § Who studies what? § What ist your background?
q Learning Outcomes q Course Outline q Organisational Formalities q Overview q Research
Network Security, WS 2008/09, Chapter 9 3 IN2097 - Master Course Computer Networks, WS 2012/2013 3
Questions
q Who is new at TUM?
q Who studies what? § Diploma degree? § Master in Informatics? § Master in Informatics – English Track? § Master in Information Systems [Wirtschaftsinformatik]? § Master in Communications Engineering MSCE? § Other Master courses? § Bachelor in Informatics? § Bachelor in Information Systems [Wirtschaftsinformatik]? § Other courses?
Network Security, WS 2008/09, Chapter 9 4 IN2097 - Master Course Computer Networks, WS 2012/2013 4
More Questions
q Which previous relevant courses? § IN0010 - Grundlagen Rechnernetze und Verteilte Systeme? § Other Courses in Computer Networks?
§ iLab (Internet Lab)? § Other Networking Lab courses?
§ What else? q Other related courses?
§ Network Security? § Peer-to-Peer Communications and Security?
q Other relevant skills? § C programming skills? § Setting up a (virtualized) unix / linux server? § Using up a (virtualized) unix / linux server?
Network Security, WS 2008/09, Chapter 9 5 IN2097 - Master Course Computer Networks, WS 2012/2013 5
Intended Learning Outcomes and Competences
q Goals of the course § Learn to take responsibility for yourself § Think about the topics
(do not aim just being able to repeat content of theses slides without deeper understanding)
§ Learn to reflect on technical problems § Learn to apply your knowledge § Understand the principles
• What is the essence to be remembered in some years? • What would you consider suitable questions in an exam?
§ Learn from practical project performed during course
Network Security, WS 2008/09, Chapter 9 6 IN2097 - Master Course Computer Networks, WS 2012/2013 6
General Learning Outcomes
q Knowlege § Being able to reproduce facts
q Understanding § Being able to explain properties with own words
q Applying § Apply known methods to solve questions
q Analyzing § Identifying the inherent structure of a complex system
q Synthesis § Creating new solutions - from known elements
q Assessment § Identifying suitable criteria and perform assessment
Network Security, WS 2008/09, Chapter 9 7 IN2097 - Master Course Computer Networks, WS 2012/2013 7
Learning Outcomes - what students are expected to acquire from the course
q Knowledge, Understanding, Applying § protocols:
application layer, transport layer, network layer, data link layer § concepts:
measurements, signalling, QoS, resilience ðlectures, exercise questions
final examination q Applying, Analyzing, Synthesis, Assessment
§ special context: http, SCTP § tools: svn, measurement tools, ... § methods: plan solution, program, administer experiment
setup, measure, reflect, document ðcourse project
Network Security, WS 2008/09, Chapter 9 8 IN2097 - Master Course Computer Networks, WS 2012/2013 8
Course Overview
q Part 1: Internet protocols Overview on Computer Networks Application Layer Transport Layer Network Layer Link Layer
q Part 2: Advanced Concepts Node Architectures and Mechanisms Quality of Service Measurements Signalling Resilience Design Principles and Future Internet
Network Security, WS 2008/09, Chapter 9 9 IN2097 - Master Course Computer Networks, WS 2012/2013 9
Books (1)
Acknowledgements q Significant parts of this lecture are based on the book
Computer Networking: A Top Down Approach , Jim Kurose, Keith Ross Addison-Wesley, 5th edition, April 2009.
q The lecture slides are based to a significant extent on slides by Jim Kurose and Keith Ross Keith Ross
Polytechnic Institute of New York University
Jim Kurose University of Massachusetts, Amherst
Network Security, WS 2008/09, Chapter 9 10 IN2097 - Master Course Computer Networks, WS 2012/2013 10
Books (2)
q A further book relevant for the course: Douglas Comer Internetworking With TCP/IP Volume 1: Principles Protocols, and Architecture, Addison-Wesley, 5th edition, 2005
Douglas Comer Purdue University
Network Security, WS 2008/09, Chapter 9 11 IN2097 - Master Course Computer Networks, WS 2012/2013 11
Course organization
q Time slots § Friday, 10:15-11.45, MI H2 § Monday, 16:15-17.45, MI H2
q TUMonline: registration required (for exam registration + Email) q Students are requested to subscribe by October 19, 2012 for project
http://www.net.in.tum.de/en/teaching/ws1213/ vorlesungen/masterkurs-rechnernetze/ ð link to registration form (needed for project login and svn access)
q Questions and Answers / Office hours § Prof. Dr. Georg Carle, carle@net.in.tum.de
• After the course and upon appointment (typically Monday 18-19) § Christian Grothoff, Ph.D., grothoff@net.in.tum.de
• Drop in or by appointment. q Course Material
§ Slides made available online (may be updated during the course).
Network Security, WS 2008/09, Chapter 9 12 IN2097 - Master Course Computer Networks, WS 2012/2013 12
Registration for the project
q http://www.net.in.tum.de → Teaching → WS1213 → Vorlesungen → Master Course Computer Networks → Registration for the project
q Registration for the project is open until October 19th q The project has to be completed as individual work. This does
not generally preclude any team work (e.g. discussion of problems or strategies) but copy&paste will be graded with FAIL.
q Please register only once. You will receive a confirmation mail after the registration period. In case of problems, please send a mail to guenther in.tum.de.
q To grant you access to the version control system and virtual machines needed for the project, we need your MyTUM/LRZ-ID. It is used for encrypted authentication against the LDAP database, i.e. we don't have to assign you individual passphares.
Network Security, WS 2008/09, Chapter 9 13 IN2097 - Master Course Computer Networks, WS 2012/2013 13
Registration for the project
q What is the MyTUM-/LRZ-ID? It is a 7 digit alphanumeric ID that you have been assigned at the begin of your study.
q I don't know / forgot it, what should I do? Logon to TUMOnline. Under "Resources", choose "E-mail Addresses". You find your MyTUM-ID below your alias addresses, e.g. xa93kep@mytum.de.
q I don't have an ID, what can I do? Get one. If you are an exchange student, you can register for an ID at the "Info Point" in the computer science building. In case you are not a student of TUM and also no exchange student (e.g. LMU), then we have problem. In this case please write to guenther in.tum.de.
Network Security, WS 2008/09, Chapter 9 14 IN2097 - Master Course Computer Networks, WS 2012/2013 14
Examination and Grading
q Written exam at the end of the term
q Project § will be graded § can give you 50% bonus to your final exam → participation highly recommended!
q Final exam § Date and location of written examination tba § Weighting: 50% of final grade
Chair for Network Architectures and Services – Prof. Carle
Department of Computer Science TU München
Overview
Network Security, WS 2008/09, Chapter 9 16 IN2097 - Master Course Computer Networks, WS 2012/2013 16
Internet Structure
q Autonomous systems (AS level structure)
q Routers and hosts (IP level structure)
Network Security, WS 2008/09, Chapter 9 17 IN2097 - Master Course Computer Networks, WS 2012/2013 17
Network Layer - Routing
q Routing algorithms § Link state § Distance Vector § Hierarchical routing
q Routing in the Internet § RIP § OSPF § BGP
q Broadcast and multicast routing
Network Security, WS 2008/09, Chapter 9 18 IN2097 - Master Course Computer Networks, WS 2012/2013 18
Transport Layer Services
q Transport-layer services q Multiplexing and demultiplexing
q Connectionless transport: UDP
q Connection-oriented transport: TCP § segment structure § reliable data transfer § flow control § connection management
q TCP congestion control
q SCTP
Network Security, WS 2008/09, Chapter 9 19 IN2097 - Master Course Computer Networks, WS 2012/2013 19
Pipelining for increased utilization
first packet bit transmitted, t = 0
sender receiver
RTT
last bit transmitted, t = L / R
first packet bit arrives last packet bit arrives, send ACK
ACK arrives, send next packet, t = RTT + L / R
last bit of 2nd packet arrives, send ACK last bit of 3rd packet arrives, send ACK
U sender = .024
30.008 = 0.0008
microseconds
3 * L / R RTT + L / R
=
Increase utilization by a factor of 3!
Network Security, WS 2008/09, Chapter 9 20 IN2097 - Master Course Computer Networks, WS 2012/2013 20
Why is TCP fair?
Two competing sessions: q Additive increase gives slope of 1, as throughout increases q multiplicative decrease decreases throughput proportionally
R
R
equal bandwidth share
Connection 1 throughput
Conn
ecti
on 2
thr
ough
put
congestion avoidance: additive increase
loss: decrease window by factor of 2
congestion avoidance: additive increase loss: decrease window by factor of 2
Network Security, WS 2008/09, Chapter 9 21 IN2097 - Master Course Computer Networks, WS 2012/2013 21
Shared Backplane CPU Buffer
Memory
Line Interface
DMA
MAC
Line Interface
DMA
MAC
Line Interface
DMA
MAC
Node Architectures and Mechanisms
q First-Generation IP Routers
Network Security, WS 2008/09, Chapter 9 22 IN2097 - Master Course Computer Networks, WS 2012/2013 22
NAT Traversal
q One of several NAT traversal solutions: relaying (e.g. used in Skype)
§ NATed client establishes connection to relay node § External client connects to relay node § relay node forwards packets between two connections
138.76.29.7
Client
10.0.0.1
NAT router
1. connection to relay initiated by NATted host
2. connection to relay initiated by client
3. relaying established
Network Security, WS 2008/09, Chapter 9 23 IN2097 - Master Course Computer Networks, WS 2012/2013 23
Network Measurements
q Introduction q Architecture & Mechanisms q Protocols
§ IPFIX (Netflow Accounting) § PSAMP (Packet Sampling)
q Scenarios
Network Security, WS 2008/09, Chapter 9 24 IN2097 - Master Course Computer Networks, WS 2012/2013 24
q Standardized data export
q Monitoring Software
q HW adaptation, [filtering]
q OS dependent interface (BSD)
q Network interface
Monitoring Probe
BPF
libpcap
Monitoring Software
Exporter
Network Security, WS 2008/09, Chapter 9 25 IN2097 - Master Course Computer Networks, WS 2012/2013 25
Quality-of-Service Support
q Link virtualization q Providing multiple classes of service q Providing Quality-of-Service (QoS) guarantees q QoS Architectures
§ Integrated Services § Differentiated Services
Network Security, WS 2008/09, Chapter 9 26 IN2097 - Master Course Computer Networks, WS 2012/2013 26
Signaling
q before, during, after connection/call § call setup and teardown (state) § call maintenance (state) § measurement, billing (state)
q between § end-user <-> network § end-user <-> end-user § network element <-> network element
q examples § Q.921, SS7 (Signaling System no. 7): telephone network § Q.2931: ATM § RSVP (Resource Reservation Protocol) § H.323: Internet telephony § SIP (Session Initiation Protocol): Internet telephony
signaling: exchange of messages among network entities to enable (provide service) to connection/call
Network Security, WS 2008/09, Chapter 9 27 IN2097 - Master Course Computer Networks, WS 2012/2013 27
Voice over IP Example
Caller jim@umass.edu places a call to keith@upenn.edu (1) Jim sends INVITE message to umass SIP proxy. (2) Proxy forwards request to upenn registrar server. (3) upenn server returns redirect response, indicating that it should try keith@eurecom.fr (4) umass proxy sends INVITE to eurecom registrar. (5) eurecom registrar forwards INVITE to 197.87.54.21, which is running keith’s SIP client. (6-8) SIP response sent back (9) media sent directly between clients. Note: SIP ack messages not shown.
SIP client217.123.56.89
SIP client197.87.54.21
SIP proxyumass.edu
SIP registrarupenn.edu
SIPregistrareurecom.fr
1
2
3 4
5
6
7
8
9
Network Security, WS 2008/09, Chapter 9 28 IN2097 - Master Course Computer Networks, WS 2012/2013 28
Design principles and Future Internet
q Network design principles § common themes: indirection, virtualization, multiplexing,
randomization, scalability § implementation principles § network architecture: the big picture, synthesis
q Future Internet approaches
Chair for Network Architectures and Services – Prof. Carle
Department of Computer Science TU München
Research
Network Security, WS 2008/09, Chapter 9 30 IN2097 - Master Course Computer Networks, WS 2012/2013 30
Research
Sensor/actor systems
Audio-visual applications
Audio/video and real-time service
Peer-to-peer and overlay Networks
Mobile communications
Network monitoring Aut
onom
ic
man
agem
ent
Net
wor
k se
curit
y
M M M M
- Innovative mechanisms
- Measure and analyze the network
- Methods and tools for network engineering
Network Security, WS 2008/09, Chapter 9 31 IN2097 - Master Course Computer Networks, WS 2012/2013 31
Autonomic Home Networking
Today, q Social and technical barriers q No interconnection of mobile
devices and other technical equipment
q Users are no experts in the field of networking (will not change)
à Introduction of autonomic behavior important
AutHoNe q self-management and manual
interaction q adaption to users and environment
Self-
Management
Manual
interaction
Degree of freedom for the
Autonomic Network Control
Network Security, WS 2008/09, Chapter 9 32 IN2097 - Master Course Computer Networks, WS 2012/2013 32
Home Networks of Tomorrow
Future home networks q A home gateway
§ connected to the Internet or service provider network.
q Multimedia devices § video, CD, DVD players, TVs, amplifiers, …
q Computers and peripherals q Communication devices q Body area devices q Home appliances
§ lighting, heating, oven, … q Networked sensors
§ temperature, acoustic, optical q Networked actuators
Network Security, WS 2008/09, Chapter 9 33 IN2097 - Master Course Computer Networks, WS 2012/2013 33
Vision of a Secure Autonomic Home Network
Visitor
Mobile Devices
Appliances
Monitoring Probe
Home Gateway
Distributed
Sensor/Actuator Network
Monitoring Probe
WLAN, Bluetooth
PC
Landlord
Full Control
Trust determines Access Rights
AutHoNe - Home Network • Self management • Visualization of Network State • Autonomic Control • “Plug and Play”
Network Security, WS 2008/09, Chapter 9 34 IN2097 - Master Course Computer Networks, WS 2012/2013 34
Basic concepts
q Knowledge Platform
q Autonomous Configuration and Management
no UMTS
collect
analyse
decide
act
feedback loop
report
candidates eth0 wlan0 umts0
Knowledge
Knowledge Agent KA KA
KA KA
KA
23°C Light is on Call from +49 89 2..
My IP is 127.0.0.1 Window open
KA
Network Security, WS 2008/09, Chapter 9 35 IN2097 - Master Course Computer Networks, WS 2012/2013 35
Basic concepts
q User Control § User-friendly § Modes for normal
users and experts
q Interaction with Environment § Sensors § Actuators
Security secure
less secure
• No remote access
• Remote access by owner (no administrative control)
• Remote access by friends
… …
Base station
1 2
3
4
5
6
11 20 21 18
31 20
42 100
52 200
62 200
31 2062 200
Network Security, WS 2008/09, Chapter 9 36 IN2097 - Master Course Computer Networks, WS 2012/2013 36
Scenario „Remote Service Access“
q Guests want to use services in a home network § Establishment of trust between guest and home § Reputation system
q Wish to access services in the foreign network § Multimedia, device control, data exchange
q NATs do not allow direct communication § NATs break the end-to-end paradigm of the Internet § NAT/firewall traversal
q Scenarios for NAT traversal § „Legacy Applications“
• Web/File Server • P2P applications • Home Automation
q Transparent to the user
Remote Access across Internet
Autonomic
NAT/Firewall Traversal Guest
Users Home Network Friends Home Network
Service
Network Security, WS 2008/09, Chapter 9 37 IN2097 - Master Course Computer Networks, WS 2012/2013 37
Scenario “Trust and Security”
Home A
Device Certificate
pub
info
signature
Home Certificate
pub
info
signature
Trust
Trusted HomesHome Certificate
pub
info
signature
Home Certificate
pub
info
signature
Home Certificate
pub
info
signature
Dev
ice
of fo
reig
n ho
me
netw
ork
B
Service Access
q Security is a neglected field of home networking today q Future Home networks require better security solutions, e.g.
authentication and authorization mechanisms for access control q Interoperability between home networks, e.g. access to shared
services must be controlled
Network Security, WS 2008/09, Chapter 9 38 IN2097 - Master Course Computer Networks, WS 2012/2013 38
Local Network
Internet
Malware
Honeypot
Home Network
Bot-Master
Control serverHome-Server
Detecting Command and Control Traffic
Alert!!! Alert!!!
Provider
q Provider-guided attack detection in home networks
Security Information
Network Security, WS 2008/09, Chapter 9 39 IN2097 - Master Course Computer Networks, WS 2012/2013 39
Internet
Inter-‐operator /managed IPnetwork
HPLMN
IMSWL AN 3GPP IP Ac c es s
PDGAPUE
2.5 / 3G Ac ces s
UTR ANUE
L TE Ac ces s
UE
VPLMN
HS SE PS
UE (C N)
MME
PDN GW
S ervingS AE GW
S GS N
S2 a/b
„NON-3GPP“„NON-3GPP“
S5
Note:3G reference pointstaken from 23402-120
S2 a/b
S11
S1-U
S3 S4
S1-MME
PC R Fi9
P -‐C S C F
Rx+
RNC
eNodeB L TE RAN
Meter
MMC E
Meter
MMC E
Meter
MMC E
MMC E
WiMAX
UE C S N
AS N(HA)
S2 a/b
Meter
MMC E
N-RM
PDG
Cellular Networks
Recommended